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FOREIGN  REQUESTS  FOR  INFORMATION 

Foreign  requests  for  U.S.  industry  Science  and  Technology  (S&T)  program  information  and  technology  are  the 
most  frequently  reported  method  of  operation  (MO)  associated  with  foreign  targeting  activity.  Requests  frequently 
involve  faxing,  mailing,  e-mailing,  or  telephoning  to  individual  U.S.  persons  rather  than  corporate  marketing 
departments.  The  requests  may  involve  surveys  or  questionnaires  and  are  frequently  sent  over  the  Internet. 

Indicators 

The  requester: 


Has  an  e-mail  address  is  in  a  foreign  country 
May  be  associated  with  an  embargoed  country 
Identifies  their  status  as  a  student  or  consultant 


•  Identifies  themselves  as  a  “student”  seeking  empathy  because  his  nation  lacks  this  scientific  or  technical 
information 

•  Identifies  their  employer  as  a  foreign  government  or  the  work  is  being  done  for  a  foreign  government  or 
program. 

•  Asks  about  a  technology  related  to  a  defense-related  program,  project,  or  contract 

•  Asks  questions  about  defense-related  programs  using  acronyms  specific  to  the  program 

•  Insinuates  that  the  identity  of  the  third  party  they  work  for  is  “classified” 

•  Admits  they  could  not  get  the  information  elsewhere  because  it  was  classified  or  “controlled” 

•  Advises  the  recipient  to  disregard  the  request  if  it  causes  a  security  problem  or  if  it  is  for  information  the 
recipient  cannot  provide  due  to  security  classification,  export  controls,  and  so  forth 

•  Assures  the  recipient  that  export  licenses  are  not  required  or  are  not  a  problem 

•  Recipient  has  never  met  or  does  not  normally  conduct  business  with  the  sender 

•  Is  requesting  technology  that  is  classified,  International  Traffic  in  Arms  Regulation  (ITAR)-controlled,  is  on 
the  Militarily  Critical  Technologies  List  (MCTL),  or  has  both  commercial  and  military  applications 

•  Requests  may  be  faxed  or  mailed  to  an  individual  vice  the  company  marketing  office 

•  Requests  may  exceed  generally  accepted  terms  of  information 

•  Gives  strong  suspicions  that  a  competing  foreign  company  employs  the  “surveyor” 

Recommended  Security  Countermeasures: 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Have  a  written  policy  on  how  to  respond  to  requests 

•  Brief  employees  not  to  respond  to  suspicious  requests 

•  Brief  employees  to  report  suspicious  incidents  to  their  security  office  or  security  focal  point 

•  Review  how  much  information  you  have  in  the  open  domain 

•  Ask  foreigner  why  they  want  the  information,  who  they  represent,  and  what  the  U.S.  information  will  be 
used  for. 


WEB-BASED  REQUESTS  FOR  INFORMATION 

Web-based  requests  continue  to  be  a  significant  source  of  foreign  targeting  of  U.S.  information  or  technologies.  A 
wealth  of  once  protected  information  is  now  retrievable  by  individuals  from  around  the  world.  There  appears  to  be 
a  sharp  increase  in  the  use  of  web-based  requests  by  foreign  entities  as  a  means  to  identify  potential  targets  and 
to  facilitate  the  actual  collection  of  information.  Web-based  requests  provide  a  simple,  low  cost,  non-threatening, 
risk-free  means  of  worldwide  attempts  to  acquire  U.S.  controlled  information  and  technology.  Web-based 
requests  are  inconspicuous  and  can  bypass  many  traditional  security  safeguards,  thus  directly  reaching  the 
target. 

Indicators 

•  The  program,  project  or  company  does  not  normally  conduct  business  with  the  foreign  requestor 

•  The  request  originates  from  an  embargoed  country 

•  The  request  is,  in  fact,  unsolicited  or  unwarranted 

•  Requestor  claims  to  represent  an  official  government  agency  but  avoids  proper  channels  to  make  the 
request. 

•  The  initial  request  is  directed  at  an  employee  who  does  not  know  the  sender  and  is  not  in  the  sales  or 
marketing  office 

•  The  requestor  is  fishing  for  information 

•  Requestor  represents  unidentified  third  party 

•  The  requestor  is  located  in  a  country  with  a  targeting  history  directed  at  the  United  States 

•  The  requestor  appears  to  be  “skirting  controls” 

•  Several  similar  requests  are  made  over  time 


Recommended  Security  Countermeasures 


•  Have  a  Technology  Control  Plan  (TCP) 

•  Incorporate  security  in  to  web  design  and  advertising 

•  Initiate  an  active  monitoring  solution  of  web  site 

•  Report  request  to  your  Security  Office 


SOLICITATION  AND  MARKETING  OF  SERVICES 

Consistent  with  past  reporting,  individuals,  companies  and  research  facilities  offer  their  technical  and 
business  services  to  U.S.  research  facilities,  academic  institutions  and  the  cleared  defense  industry 

Indicators 

•  Foreign  “scientist”  seeks  employment  associated  with  sensitive  defense  technologies 

•  Offer  to  provide  offshore  software  support 

•  Foreign  government-  and  business-  sponsored  internships 

•  Invitation  to  cultural  exchange,  individual-to-individual  exchange  or  ambassador  program 

•  Offer  to  act  as  sales  or  purchasing  agent  in  foreign  country 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Report  names  of  foreign  scientists  and  engineers  whose  solicitation  concerns  classified  or  controlled 
research  and  technology 

•  Obtain  recommendations  and  assess  risks  posed  by  software  support  in  a  foreign  land 

•  Receive  State  Department  travel  briefings  before  departing  on  an  exchange  or  ambassador  program 


FOREIGN  ACQUISITION  OF  U.S.  TECHNOLOGY/COMPANY 

Foreign  entities  try  to  access  sensitive  technologies  by  purchasing  U.S.  technology  or  a  U.S.  company 
possessing  the  sensitive  technology/product. 

Indicators 


•  Companies  of  political  and  military  allies  are  most  likely  associated  with  this  activity 

•  Foreign  competitors  seek  a  position  in  the  U.S.  company  that  affords  access  to  technology 

•  New  employees  hired  from  the  foreign  parent  company  or  its  foreign  partners  ask  to  access  classified 
data 

•  Foreign  parent  company  attempts  to  circumvent  the  security  agreement  or,  even  easier,  avoids  or 
otherwise  disrupts  or  hinders  the  Foreign  Ownership,  Control  or  Influence  (FOCI)  process 

•  Foreign  parent  employees  try  to  make  exceptions  to  the  terms  of  the  security  agreement 

•  Statement  that  license  is  not  necessary 

•  Foreign  company  asks  U.S.  company  to  send  information  or  product  to  another  U.S.-based  company  for 
transfer  overseas  or  via  Fedex  or  UPS  to  overseas  address 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Request  a  threat  assessment  from  the  program  office 

•  Scrutinize  employees  hired  at  the  behest  of  foreign  entity 

•  Conduct  frequent  checks  of  foreign  visits  to  determine  if  foreign  interests  are  attempting  to  circumvent 
security  agreements 

•  Provide  periodic  threat  briefings  to  outside  directors  and  user  agencies 

•  Ask  what  U.S. -based  company  does 


Ask  why  the  company  cooperates  with  the  foreign  entity 
Ask  why  the  foreigner  wants  the  product  express-mailed 
Ask  export  officer  if  information  or  technology  is  export-controlled 


FOREIGN  VISITS  AT  U.S.  FACILITIES 

Foreign  visits  to  U.S.  facilities  can  present  potential  security  risks  if  sound  risk  management  is  not  practiced. 

Indicators 


•  Foreign  Liaison  Officer  or  embassy  official  escorting  visitor  attempts  to  conceal  official  identities  during  a 
supposedly  commercial  visit 

•  Hidden  agendas  as  opposed  to  the  stated  purpose  of  the  visit 

•  Last  minute  and  unannounced  persons  added  to  the  visiting  party 

•  “Wandering”  visitors  who  act  offended  when  confronted 

•  Using  alternative  methods.  For  example  if  a  classified  visit  request  is  disapproved,  the  foreign  entity  may 
attempt  a  commercial  visit 

•  Visitors  ask  questions  during  briefing  outside  the  scope  of  the  approved  visit  hoping  to  get  a  courteous  or 
spontaneous  response 

•  Visitor  claims  business  interest  but  lacks  experience  researching  and  developing  this  technology 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Brief  country  threat  to  all  employees  involved  with  the  foreign  visit.  Request  intelligence  country  threat 
assessments 

•  Ensure  appropriate  personnel,  both  escorts  and  those  meeting  with  visitors,  are  briefed  on  the  scope  of 
the  visit. 

•  The  number  of  escorts  per  visitor  group  should  be  adequate  to  properly  control  movement  and  conduct  of 
visitors. 


EXHIBITS,  CONVENTIONS  AND  SEMINARS 

These  functions  directly  link  programs  and  technologies  with  knowledgeable  personnel.  Conventions 
may  provide  foreign  entities  with  targeting  information  to  be  used  later. 

Indicators 

•  Topics  at  seminars  and  conventions  deal  with  classified  or  controlled  technologies  and/or  applications 

•  Country  or  organization  sponsoring  seminar  or  conference  has  tried  unsuccessfully  to  visit  the  facility 

•  Receive  invitation  to  brief  or  lecture  in  a  foreign  country  with  all  expenses  paid 

•  Requests  for  presentation  summary  6-12  months  before  seminar 

•  Photography  and  filming  appear  suspicious 

•  Attendees  wear  false  name  tags 

•  Casual  conversation  and  discussions  during  and  after  these  events. 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Be  aware  of  follow-up  requests  after  a  show 

•  Consider  what  information  is  being  exposed,  where,  when,  and  to  whom 

•  Provide  employees  with  detailed  travel  briefings  concerning  the  threat,  precautions  to  take,  and  how  to 
react  to  elicitation 

•  Take  mock-up  displays  instead  of  real  equipment 


Request  a  threat  assessment  from  program  office 

Restrict  information  provided  to  that  necessary  for  travel/hotel  accommodations 
Carefully  consider  whether  equipment  or  software  can  be  adequately  protected. 


EXPLOITATION  OF  INTERNET 

Internet  exploitation  consists  of  hacking,  probes,  scanning,  and  pinging.  This  category  is  not  related  to 
the  Internet  based  requests  for  information.  The  majority  of  cases  involve  probing  efforts.  Although 
probing  a  system  is  legal,  once  a  port  is  breached  a  crime  is  committed. 

Indicators 

•  Computer  probes  are  most  likely  searching  for  potential  weaknesses  in  systems  for  exploitation 

•  Network  attacks  originated  from  foreign  Internet  service  providers 

•  Attacks  last  over  a  period  of  a  day 

•  Several  hundred  attempts  are  made  to  use  multiple  passwords. 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Have  firewall  monitoring  software  that  logs  all  intrusion  attempts  and  any  malicious  activity 

•  Have  the  appropriate  level  of  protection  in  place  to  repel  such  an  attack 

•  When  a  probe  is  noted,  heighten  security  alert  status 


JOINT  VENTURE/  RESEARCH 

Co-production  and  various  exchange  agreements  potentially  offer  significant  opportunities  for  foreign 
interests  to  target  restricted  technology. 

Indicators 

Resident  foreign  representative: 

•  Faxes  documents  to  an  embassy  or  another  country  in  a  foreign  language 

•  Wants  to  access  the  local  area  network  (LAN) 

•  Wants  unrestricted  access  to  the  facility 

•  Singles  out  company  personnel  to  elicit  information  outside  the  scope  of  the  project 

•  Enticing  U.S.  contractors  to  provide  large  amounts  of  technical  data  as  part  of  the  bidding  process,  only  to 
have  the  contract  canceled 

•  Potential  technology  sharing  agreements  during  the  joint  venture  are  one-sided 

•  Foreign  organization  sends  more  foreign  representatives  than  is  necessary  for  the  project 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Review  all  documents  being  faxed  or  mailed  and  have  someone  to  translate 

•  Provide  foreign  representatives  with  stand-alone  computers 

•  Share  the  minimum  amount  of  information  appropriate  to  the  scope  of  the  joint  venture/research 

•  Extensively  educate  employees  on  the  scope  of  the  project  and  how  to  deal  with  and  report  elicitation 

•  Periodic  sustainment  training  must  follow  initial  education 

•  Refuse  to  accept  unnecessary  foreign  representatives  into  the  facility 


TARGETING  OF  U.S.  PERSONNEL  ABROAD 


Suspicious  activity  occurs  on  collector's  home  territory  leaving  U.S.  travelers  vulnerable  to  exploitation, 
including  that  by  Foreign  Intelligence  Services  (FIS).  Frequently,  FIS  recognize  U.S.  travelers  who  are 
engaged  in  international  conventions,  support  to  combined  military  operations,  and  joint  ventures. 

Indicators 

•  Technical  means  (for  example,  electronic  surveillance) 

•  Entrapment  schemes  such  as  honey  trap,  black  market  and  extortion 

•  Repeated  stays  in  the  same  room  of  the  same  hotel 

•  Several  attempts  made  to  access  room  by  service  personnel 

•  Excessively  helpful  assistance 

•  Undue  questioning  by  port  authorities 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Facilities  should  review  the  type  and  amount  of  information  they  provide 

•  Withhold  non-essential  biographic  and  other  data  requested  by  the  host 


WORK  OFFERS 

Foreign  scientists,  students,  and  engineers  will  offer  their  services  to  research  facilities,  academic 
institutions,  and  even  cleared  defense  contractors.  This  may  be  a  MO  to  place  a  foreign  national  inside 
the  facility  to  collect  information  concerning  a  desired  technology. 

Indicators 

•  Foreign  applicant  has  a  scientific  or  engineering  background  in  a  technical  area  for  which  his  country  has 
been  identified  as  having  a  collection  requirement 

•  Foreign  applicant  offers  services  for  "free,"  stating  that  a  foreign  government  agency,  military  activity, 
university,  or  corporation  is  paying  expenses 

•  Foreign  intern  (students  working  on  masters  or  doctorate)  offers  to  work  without  pay  under  a 
knowledgeable  individual,  usually  for  a  period  of  2-3  years 

•  The  technology  in  which  the  foreign  individual  wants  to  work  or  conduct  research  is  frequently  related  to, 
or  may  be  classified,  ITAR,  EAR,  CCL,  MCTL  controlled 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Provide  employees  periodic  security  awareness  briefings  about  long-term  foreign  visitors 

•  Check  backgrounds  and  references  of  foreign  job,  research,  and  intern  applicants 

•  Request  a  threat  assessment  from  the  program  office  whose  program  is  associated  with  the  foreign 
interest 


CO-OPTING  FORMER  EMPLOYEES 

Former  employees  who  had  access  to  sensitive,  proprietary,  or  classified  S&T  program  information 

remain  a  potential  counterintelligence  concern.  Targeting  cultural  commonalties  to  establish  rapport  is 

often  associated  with  the  collection  attempt.  Former  employees  may  be  viewed  as  excellent  prospects  for 

collection  operations  and  considered  less  likely  to  feel  obligated  to  comply  with  U.S.  Government  or 

corporate  security  requirements. 


Indicators 


•  Former  employee  takes  a  job  with  a  foreign  company  working  on  the  same  technology 

•  Former  employee  maintains  contact  with  former  company  and  employees 

•  An  employee  alternates  working  with  U.S.  companies  and  foreign  companies  every  few  years 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Brief  employees  to  be  alert  to  actions  of  former  employees  returning  to  the  facility 

•  Have  a  policy  concerning  visitation  or  contacts  with  current  employees  by  former  employees 

•  Debrief  employees  upon  termination  of  employment  and  reinforce  their  responsibilities 

•  Concerning  their  legal  responsibilities  to  protect  classified,  proprietary,  and  export  controlled  Sensitive  But 
Unclassified  (SBU)  information  and  technology 


TARGETING  CULTURAL  COMMONALITIES 

Foreign  entities  exploit  the  cultural  background  of  company  personnel,  visitors  and  visited,  to  elicit 
information. 

Indicators 

•  Employees  receive  unsolicited  greetings  or  other  correspondence  from  embassy,  company,  or  country  of 
family’s  origin 

•  Employees  receive  invitations  to  visit  country  of  family’s  origin  for  purpose  of  providing  lecture  or  receiving 
an  award 

•  Foreign  visitors  single  out  company  personnel  of  same  cultural  background  with  whom  to  work  or 
socialize. 

Recommended  Security  Countermeasures 

•  Have  a  Technology  Control  Plan  (TCP) 

•  Brief  all  employees  on  this  MO  and  address  it  in  company  reporting  policy 

•  Monitor  foreign  visitor  activities  for  indications  of  their  targeting  of  company  personnel 

•  Report  suspected  targeting  as  early  as  possible  to  minimize  potential  problems 
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